diff options
author | vasraz <vasyl.razinkov@est.tech> | 2021-11-29 17:42:02 +0000 |
---|---|---|
committer | Michael Morris <michael.morris@est.tech> | 2021-12-07 09:30:30 +0000 |
commit | 987fc74925dc4051f08913393924d2b826d7e59c (patch) | |
tree | 50ed0e7ee1e9105af8fc8190aac4ac660ba6aa4c /openecomp-be | |
parent | 5c9d068e66264be8db6018cb551db7c05e8e2596 (diff) |
Fix vulnerable dependency
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3795
Change-Id: Ib6f7902b2f8380ad9febcc2fad0374e8070af15c
Diffstat (limited to 'openecomp-be')
17 files changed, 81 insertions, 13 deletions
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/pom.xml index 8deb9c8ed4..081e2c9502 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/pom.xml @@ -82,6 +82,12 @@ <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>${http.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/externaltesting-rest/externaltesting-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/externaltesting-rest/externaltesting-rest-services/pom.xml index 8336672b3f..dcdf931201 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/externaltesting-rest/externaltesting-rest-services/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/externaltesting-rest/externaltesting-rest-services/pom.xml @@ -86,6 +86,12 @@ <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>${http.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>javax.inject</groupId> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml index d2584124a6..0d6a2e605c 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml @@ -32,6 +32,12 @@ <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>${http.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>javax.inject</groupId> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml index 8765d6618c..76185540c6 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml @@ -178,6 +178,12 @@ <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>${http.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.cxf</groupId> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/validation-rest/validation-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/validation-rest/validation-rest-services/pom.xml index 6a6977b89f..6df2adf80b 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/validation-rest/validation-rest-services/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/validation-rest/validation-rest-services/pom.xml @@ -86,6 +86,12 @@ <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>${http.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>javax.inject</groupId> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-services/pom.xml index 0a3a1b32b0..448d62bd64 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-services/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-services/pom.xml @@ -65,6 +65,12 @@ <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>${http.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/pom.xml index 49c4be2e4a..d111164697 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/pom.xml @@ -82,6 +82,17 @@ <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>${http.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + <version>${httpcore.version}</version> </dependency> <!-- Java Stuff --> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/pom.xml index 0ba0a9ceb0..181c28975c 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/pom.xml @@ -116,6 +116,7 @@ <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> <scope>test</scope> </dependency> <dependency> diff --git a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml index 39c663269e..d3095b1db7 100644 --- a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml +++ b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml @@ -23,6 +23,12 @@ <groupId>org.apache.commons</groupId> <artifactId>commons-crypto</artifactId> <version>1.0.0</version> + <exclusions> + <exclusion> + <groupId>net.java.dev.jna</groupId> + <artifactId>jna</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile index c3f3a757ac..f8d33d0248 100644 --- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile +++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile @@ -1,4 +1,4 @@ -FROM onap/integration-java11:8.0.0 +FROM onap/integration-java11:9.0.0 USER root ARG JETTY_FOLDER=/app/jetty @@ -13,12 +13,7 @@ RUN set -ex && \ libffi-dev \ libxml2-dev \ libressl-dev && \ - gem install \ - chef:13.8.5 \ - berkshelf:6.3.1 \ - io-console:0.4.6 \ - etc webrick \ - --no-document && \ + gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 etc webrick --no-document && \ gem cleanup && \ apk update @@ -32,12 +27,11 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER USER onap #Download jetty -RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.31.v20200723/jetty-distribution-9.4.31.v20200723.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ +RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.41.v20210516/jetty-distribution-9.4.41.v20210516.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \ rm -rf $JETTY_FOLDER/jetty.tar.gz RUN sed -i 's/"jetty"/"onap"/g' $JETTY_FOLDER/etc/jetty-setuid.xml - COPY --chown=onap:onap chef-solo $JETTY_FOLDER/chef-solo/ COPY --chown=onap:onap chef-repo/cookbooks $JETTY_FOLDER/chef-solo/cookbooks/ ADD --chown=onap:onap onboarding-be-*.war $JETTY_FOLDER/webapps/ diff --git a/openecomp-be/dist/sdc-onboard-db-init-docker/artifacts/Dockerfile b/openecomp-be/dist/sdc-onboard-db-init-docker/artifacts/Dockerfile index af87d3db34..a30cb461d1 100644 --- a/openecomp-be/dist/sdc-onboard-db-init-docker/artifacts/Dockerfile +++ b/openecomp-be/dist/sdc-onboard-db-init-docker/artifacts/Dockerfile @@ -1,8 +1,6 @@ -FROM onap/policy-jdk-debian:2.0.1 +FROM onap/policy-jdk-debian:2.0.2 -#RUN addgroup --gid 1000 sdc RUN addgroup sdc -#RUN adduser --gecos "sdc sdc,1,1,1" -u 1000 --disabled-password --ingroup sdc --shell /bin/sh sdc RUN adduser --gecos "sdc sdc,1,1,1" --disabled-password --ingroup sdc --shell /bin/sh sdc USER sdc RUN mkdir ~/.cassandra/ && \ @@ -11,11 +9,13 @@ RUN mkdir ~/.cassandra/ && \ USER root RUN apt-get update --allow-releaseinfo-change && apt-get install -y python-pip && \ + python -m pip install --upgrade pip \ pip install cqlsh && \ mkdir ~/.cassandra/ && \ echo '[cql]' > ~/.cassandra/cqlshrc && \ echo 'version=3.4.4' >> ~/.cassandra/cqlshrc && \ set -ex && \ + python -m pip install --upgrade pip \ pip install cqlsh && \ apt-get install -y \ make \ diff --git a/openecomp-be/lib/openecomp-common-lib/pom.xml b/openecomp-be/lib/openecomp-common-lib/pom.xml index e880b547c7..3cd75a20b3 100644 --- a/openecomp-be/lib/openecomp-common-lib/pom.xml +++ b/openecomp-be/lib/openecomp-common-lib/pom.xml @@ -33,6 +33,7 @@ <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> <scope>runtime</scope> </dependency> <dependency> diff --git a/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml b/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml index 7569267c1a..d8f28d83f8 100644 --- a/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml +++ b/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml @@ -98,6 +98,12 @@ <artifactId>common-app-api</artifactId> <version>${project.version}</version> <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> </dependency> </dependencies> diff --git a/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml b/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml index ef2a9d170c..033fb31fad 100644 --- a/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml +++ b/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml @@ -26,6 +26,7 @@ <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> <scope>provided</scope> </dependency> </dependencies> diff --git a/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-websocket/pom.xml b/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-websocket/pom.xml index a5e1eae19e..475ce54d49 100644 --- a/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-websocket/pom.xml +++ b/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-websocket/pom.xml @@ -36,7 +36,7 @@ <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> - <version>2.3.1</version> + <version>${gson.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> diff --git a/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-worker/pom.xml b/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-worker/pom.xml index af981b3d3b..3935875d0e 100644 --- a/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-worker/pom.xml +++ b/openecomp-be/lib/openecomp-sdc-notification-lib/openecomp-sdc-notification-worker/pom.xml @@ -62,6 +62,12 @@ <artifactId>httpclient</artifactId> <version>${http.client.version}</version> <scope>provided</scope> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> diff --git a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml index af26b68ec2..e10a9698fd 100644 --- a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml +++ b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml @@ -99,6 +99,12 @@ <artifactId>httpmime</artifactId> <version>${httpclient.version}</version> <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + </exclusions> </dependency> </dependencies> |